-
cups (2.1.3-4ubuntu0.11) xenial-security; urgency=medium
* SECURITY UPDATE: information disclosure via OOB read
- debian/patches/CVE-2019-2228.patch: fix ippSetValueTag validation of
default language in cups/ipp.c.
- CVE-2019-2228
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2020-3898.patch: properly handle invalid
resolution names in cups/ppd.c, ppdc/ppdc-source.cxx.
- CVE-2020-3898
-- Marc Deslauriers <email address hidden> Fri, 24 Apr 2020 10:48:53 -0400
-
cups (2.1.3-4ubuntu0.10) xenial-security; urgency=medium
* SECURITY UPDATE: Stack buffer overflow in SNMP ASN.1 decoder
- debian/patches/CVE-2019-86xx.patch: update cups/snmp.c to check for
buffer overflow when decoding various ASN.1 elements.
- CVE-2019-8675
- CVE-2019-8696
* SECURITY UPDATE: Buffer overflow in IPP
- debian/patches/CVE-2019-86xx.patch: update cups/ipp.c to avoid
buffer overflow due to tag type confusion
* SECURITY UPDATE: Denial of service and memory disclosure in scheduler
- debian/patches/CVE-2019-86xx.patch: update scheduler/client.c to
avoid a denial of service and possible memory disclosure if the
client unexpectedly closes the connection
-- Alex Murray <email address hidden> Fri, 16 Aug 2019 17:40:11 +0930
-
cups (2.1.3-4ubuntu0.9) xenial; urgency=medium
* d/p/0045-Fix-an-issue-with-PreserveJobHistory-and-time-values.patch
Fix an issue with `PreserveJobHistory` and time values
(Issue #5538, Closes: #921741, LP: #1747765)
-- Dariusz Gadomski <email address hidden> Thu, 30 May 2019 11:33:26 +0200
-
cups (2.1.3-4ubuntu0.8) xenial; urgency=medium
* d/p/systemd-service-for-cupsd-after-sssd.patch: Start cupsd after sssd if
installed (LP: #1822062)
-- Victor Tapia <email address hidden> Tue, 23 Apr 2019 17:44:19 +0200
-
cups (2.1.3-4ubuntu0.7) xenial; urgency=medium
* fix-handling-of-MaxJobTime.patch: Fix handling of MaxJobTime 0
(LP: #1804576)
-- Dariusz Gadomski <email address hidden> Wed, 12 Dec 2018 08:34:26 +0100
-
cups (2.1.3-4ubuntu0.6) xenial-security; urgency=medium
* SECURITY UPDATE: predictable session cookies
- debian/patches/CVE-2018-4700.patch: use better seed in cgi-bin/var.c.
- CVE-2018-4700
-- Marc Deslauriers <email address hidden> Fri, 16 Nov 2018 14:06:39 -0500
-
cups (2.1.3-4ubuntu0.5) xenial-security; urgency=medium
* SECURITY UPDATE: scheduler crash via DBUS notifications
- debian/patches/CVE-2017-18248.patch: validate requesting-user-name in
scheduler/ipp.c.
- CVE-2017-18248
* SECURITY UPDATE: privilege escalation in dnssd backend
- debian/patches/CVE-2018-418x.patch: don't allow PassEnv and SetEnv to
override standard variables in man/cups-files.conf.man.in,
man/cupsd.conf.man.in, scheduler/conf.c.
- CVE-2018-4180
* SECURITY UPDATE: local file read via Include directive
- debian/patches/CVE-2018-418x.patch: remove Include directive handling
in scheduler/conf.c.
- CVE-2018-4181
* SECURITY UPDATE: AppArmor sandbox bypass
- debian/local/apparmor-profile: also confine
/usr/lib/cups/backend/mdns.
- CVE-2018-6553
-- Marc Deslauriers <email address hidden> Fri, 22 Jun 2018 13:45:28 -0400
-
cups (2.1.3-4ubuntu0.4) xenial-security; urgency=medium
* SECURITY UPDATE: Incorrect whitelist permits DNS rebinding attacks
- debian/patches/CVE-2017-18190.patch: Don't treat "localhost.localdomain"
as an allowed replacement for localhost, since it isn't
- CVE-2017-18190
-- Chris Coulson <email address hidden> Mon, 19 Feb 2018 17:37:01 +0000
-
cups (2.1.3-4ubuntu0.3) xenial; urgency=high
* Adding maintainer script debian/cups-daemon.prerm to deal with situations
where "old-version" (installed package) prerm script fails. (LP: #1642966).
-- Eric Desrochers <email address hidden> Fri, 18 Aug 2017 12:08:28 -0400
-
cups (2.1.3-4ubuntu0.2) xenial; urgency=medium
* Make cups.path unit be part of the cups.service, since cups.path
should stop if and when cups.service is stopped. LP: #1642966
-- Dimitri John Ledkov <email address hidden> Thu, 22 Dec 2016 17:08:36 +0000
-
cups (2.1.3-4ubuntu0.1) xenial-proposed; urgency=medium
* Removed auto-shutdown-on-idle-also-with-webinterface-on.patch
as it causes CUPS to auto-shutdown when web interface support is
active (LP: #1598300).
-- Till Kamppeter <email address hidden> Mon, 14 Nov 2016 14:38:01 -0200
-
cups (2.1.3-4) unstable; urgency=medium
[ Till Kamppeter ]
* Quirk rule to make Lexmark C540n work (STR #4778)
* Quirk rule to make Xerox WorkCentre 3220 work (LP: #1406203, STR #4789)
-- Didier Raboud <email address hidden> Fri, 18 Mar 2016 15:24:54 +0100
-
cups (2.1.3-3) unstable; urgency=medium
* Install missing cups-snmp.8 manpage (Closes: #816316)
-- Didier Raboud <email address hidden> Mon, 29 Feb 2016 22:11:50 +0100
-
cups (2.1.3-1build1) xenial; urgency=medium
* No-change rebuild for gnutls transition.
-- Matthias Klose <email address hidden> Wed, 17 Feb 2016 22:24:02 +0000
-
cups (2.1.3-1) unstable; urgency=medium
* New 2.1.3 upstream release:
- /admin resource files (like config files of CUPS) were not served when
the web interface was disabled, breaking utilities like "cupsctl"
(CUPS STR #4755)
-- Didier Raboud <email address hidden> Sat, 13 Feb 2016 16:35:01 +0100
-
cups (2.1.2-2) unstable; urgency=medium
[ Till Kamppeter ]
* Add patch to avoid letting pending subscriptions prevent CUPS from
auto-shutdown when idle (CUPS STR#4754)
* Add patch to allow auto-shutdown when idle if the web interface is not
turned off in the CUPS configuration, the web interface is too important
(CUPS STR #4755)
[ Didier Raboud ]
* Remove libpng12-dev Build-Depends alternative to libpng-dev
(Closes: #810183)
-- Didier Raboud <email address hidden> Wed, 13 Jan 2016 16:21:31 +0100
-
cups (2.1.2-1) unstable; urgency=low
* New 2.1.2 upstream release
* Drop patches included upstream:
- usb-backend-fix-infinite-loop-when-usblp-module-attached.patch
- usb-backend-delayed-closing-for-old-laserjets.patch
- fix-ppd-file-load-for-ipp-printers.patch
Refresh 2 other patches
* Update Apple Inc. Copyright years in debian/copyright
-- Didier Raboud <email address hidden> Thu, 03 Dec 2015 21:25:48 +0100
-
cups (2.1.0-7) unstable; urgency=medium
[ Till Kamppeter ]
* Removed deprecated no-op "--upstart-only" option from dh_installinit call
in debian/rules (LP: #1519228)
* Moved empty directories /etc/cups/ppd and /etc/cups/interfaces to the
cups-core-drivers binary package
* Moved mime.convs from cups-server-common to cups-core-drivers to get it
onto mobile devices with level-2 printing stack (support for IPP printers
with common PDLs auto-set-up by cups-browsed)
-- Didier Raboud <email address hidden> Mon, 30 Nov 2015 22:21:04 +0100
-
cups (2.1.0-6ubuntu1) xenial; urgency=medium
* debian/rules: Drop Ubuntu special-casing of dh_installinit. The
--upstart-only option has been a deprecated no-op for a long time.
(LP: #1519228)
-- Martin Pitt <email address hidden> Tue, 24 Nov 2015 09:48:46 +0100
-
cups (2.1.0-6) unstable; urgency=medium
[ Till Kamppeter ]
* Move /usr/lib/cups/daemon/cups-exec from the "cups" binary package to the
"cups-daemon" binary package as it is already needed for basic job
execution and therefore already in the level-1 (minimum) printing stack
(LP: #1509423)
-- Didier Raboud <email address hidden> Fri, 06 Nov 2015 17:09:44 +0100
-
cups (2.1.0-5) unstable; urgency=medium
[ Till Kamppeter ]
* Add upstream patch to fix cupsGetPPD* with IPP print queues
(CUPS STR #4725)
-- Didier Raboud <email address hidden> Wed, 21 Oct 2015 15:01:21 +0200
-
cups (2.1.0-4ubuntu3) wily; urgency=medium
* Updated the patch to patch loading the PPDs for IPP print queues
to the corrected upstream fix (CUPS STR #4725).
-- Till Kamppeter <email address hidden> Thu, 8 Oct 2015 11:46:01 -0300